
210-255 · Question #118

210-255 Question #118: Real Exam Question with Answer & Explanation

The correct answer is C: false positive.

Question

Employees are allowed access to internal websites. An employee connects to an internal website and IDS reports it as malicious behavior. What is this example of?

Options

  • A. true positive
  • B. false negative
  • C. false positive
  • D. true negative

Explanation

When an IDS flags a permitted and legitimate action as malicious, the alert is a false positive - an incorrect detection of a threat that does not exist.

Common mistakes.

  • A. A true positive means the alert correctly identified real malicious behavior, but access to the site is authorized so no actual threat occurred.
  • B. A false negative means a real attack occurred but was NOT detected; the IDS did generate an alert, so this is not a missed detection.
  • D. A true negative means no threat existed and no alert was raised; an alert was raised here, so this cannot be a true negative.

Concept tested. IDS false positive vs true positive classification

Reference. https://csrc.nist.gov/glossary/term/false_positive
